From 558b8f827c7cd41bdf053337804d503097b6ac1d Mon Sep 17 00:00:00 2001 From: Petru Paler Date: Fri, 13 Sep 2024 12:04:10 +0100 Subject: [PATCH] Convert c1 & c2 to disko and cleanup old keys. --- hosts/c1/default.nix | 8 ++++- hosts/c1/hardware.nix | 37 -------------------- nixos-setup/keys/c1.key => hosts/c1/key.bin | Bin hosts/c2/default.nix | 8 ++++- hosts/c2/hardware.nix | 37 -------------------- nixos-setup/keys/c2.key => hosts/c2/key.bin | Bin nixos-setup/keys/c3.key | Bin 4096 -> 0 bytes nixos-setup/keys/zippy.key | Bin 4096 -> 0 bytes 8 files changed, 14 insertions(+), 76 deletions(-) rename nixos-setup/keys/c1.key => hosts/c1/key.bin (100%) rename nixos-setup/keys/c2.key => hosts/c2/key.bin (100%) delete mode 100644 nixos-setup/keys/c3.key delete mode 100644 nixos-setup/keys/zippy.key diff --git a/hosts/c1/default.nix b/hosts/c1/default.nix index 31af965..445f5ff 100644 --- a/hosts/c1/default.nix +++ b/hosts/c1/default.nix @@ -3,10 +3,16 @@ imports = [ ../../common/global ../../common/compute-node.nix + ../../common/encrypted-btrfs-layout.nix ./hardware.nix ]; + diskLayout = { + mainDiskDevice = "/dev/disk/by-id/nvme-SAMSUNG_MZVLW256HEHP-000H1_S340NX0K910298"; + #keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777640496-0:0"; + keyDiskDevice = "/dev/sdb"; + }; + networking.hostName = "c1"; - boot.initrd.luks.devices."luksroot".keyFile = "/dev/sda"; services.tailscaleAutoconnect.authkey = "tskey-auth-kmFvBT3CNTRL-wUbELKSd5yhuuTwTcgJZxhPUTxKgcYKF"; } diff --git a/hosts/c1/hardware.nix b/hosts/c1/hardware.nix index d60c905..e81435b 100644 --- a/hosts/c1/hardware.nix +++ b/hosts/c1/hardware.nix 
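Review bot: The added `keyDiskDevice = "/dev/sdb";` in `diskLayout` names the key disk by kernel enumeration order, which is not stable across boots or when another USB/SATA device is attached; the line this hunk removes read the key from `/dev/sda` on the same host, which suggests the name has already shifted once. The by-id path sits in the comment directly above, and using it, `keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777640496-0:0";`, would tie the unlock to the intended stick; `encrypted-btrfs-layout.nix` is not shown, but it presumably reads the LUKS key from that device. The hosts/c2/default.nix hunk has the same pattern with `/dev/sda`. Separately, the `services.tailscaleAutoconnect.authkey` literal kept as context in both hunks remains a plaintext credential in the repository and, as a Nix string, likely ends up in the world-readable store; it would be better loaded from a secrets file, with the committed keys rotated.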
@@ -10,43 +10,6 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2"; - fsType = "btrfs"; - options = [ "subvol=root" ]; - }; - - boot.initrd.luks.devices."luksroot".device = "/dev/disk/by-uuid/7fa539a0-6c91-49ec-9df2-e81708a07662"; - - fileSystems."/persist" = - { device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2"; - fsType = "btrfs"; - options = [ "subvol=persist" ]; - }; - - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2"; - fsType = "btrfs"; - options = [ "subvol=nix" ]; - }; - - fileSystems."/var/log" = - { device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2"; - fsType = "btrfs"; - options = [ "subvol=log" ]; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/D8C2-9216"; - fsType = "vfat"; - options = [ "umask=0077" ]; # to avoid the random seed being world readable - }; - - swapDevices = [ { - device = "/dev/disk/by-id/nvme-eui.002538b981b03d98-part2"; - randomEncryption.enable = true; - }]; - nixpkgs.hostPlatform = "x86_64-linux"; hardware.cpu.intel.updateMicrocode = true; } diff --git a/nixos-setup/keys/c1.key b/hosts/c1/key.bin similarity index 100% rename from nixos-setup/keys/c1.key rename to hosts/c1/key.bin diff --git a/hosts/c2/default.nix b/hosts/c2/default.nix index 9a796aa..e787530 100644 --- a/hosts/c2/default.nix +++ b/hosts/c2/default.nix 
@@ -3,10 +3,16 @@ imports = [ ../../common/global ../../common/compute-node.nix + ../../common/encrypted-btrfs-layout.nix ./hardware.nix ]; + diskLayout = { + mainDiskDevice = "/dev/disk/by-id/nvme-SAMSUNG_MZVLB256HAHQ-000H1_S425NA1M132963"; + #keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777650675-0:0"; + keyDiskDevice = "/dev/sda"; + }; + networking.hostName = "c2"; - boot.initrd.luks.devices."luksroot".keyFile = "/dev/sda"; services.tailscaleAutoconnect.authkey = "tskey-auth-kbYnZK2CNTRL-SpUVCuzS6P3ApJiDaB6RM3M4b8M9TXgS"; } diff --git a/hosts/c2/hardware.nix b/hosts/c2/hardware.nix index bed4683..e81435b 100644 --- a/hosts/c2/hardware.nix +++ b/hosts/c2/hardware.nix @@ -10,43 +10,6 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea"; - fsType = "btrfs"; - options = [ "subvol=root" ]; - }; - - boot.initrd.luks.devices."luksroot".device = "/dev/disk/by-uuid/03ee7c3b-19d5-491d-bc2e-3b0681e6506f"; - - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea"; - fsType = "btrfs"; - options = [ "subvol=nix" ]; - }; - - fileSystems."/persist" = - { device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea"; - fsType = "btrfs"; - options = [ "subvol=persist" ]; - }; - - fileSystems."/var/log" = - { device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea"; - fsType = "btrfs"; - options = [ "subvol=log" ]; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/B543-374F"; - fsType = "vfat"; - options = [ "umask=0077" ]; # to avoid the random seed being world readable - }; - - swapDevices = pkgs.lib.mkForce [ { - device = "/dev/disk/by-id/nvme-eui.002538819102bebe-part2"; - randomEncryption.enable = true; - }]; - nixpkgs.hostPlatform = "x86_64-linux"; hardware.cpu.intel.updateMicrocode = true; } 
diff --git a/nixos-setup/keys/c2.key b/hosts/c2/key.bin similarity index 100% rename from nixos-setup/keys/c2.key rename to hosts/c2/key.bin 
diff --git a/nixos-setup/keys/c3.key b/nixos-setup/keys/c3.key deleted file mode 100644 index 14eec7c5e2906b88dbd8abf355c6e9be7ed5a391..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4096 zcmV+b5dZJ+ui2b!;9!Q(5vEX#3^G(Rtk2sG;4iel!R^B|$kxBTxz?+CyGkil`=xQq zYnh)COU$Onf0VtwoejJ*{WJvB5JhoK0|QANk{B7<#L&ckgD+^3eZ1w%EZ`YvQ?tz+ zyT9Ot*R+k9)4rmCsXtefkJXSn!G~p91o}FSX+a3OYx|vumzh$`Jb5oHGA!IAw8|*z^xFiH0@yM4%D1t$6q^?VeNz> z#hBr`Q{{lsjvI}wT~T*jG-vQIews5#2u6B8y$hfz%`-7a_ymd#tcP^zq2^{sXJj;m z)nREVWb8@GMpk6ug9LhKw`jo!kyy0aLOfbU))V6N?=NFDC7IR-c!Vb+H#(U}!9T4i z2u;s=Gi763ks}VzR9s>iO7`}1*#4pZOe}VQM7RKs-0~x)pJ!z98|sY1__br&^Pl;6 z88gAQCjkHG-~CK_QNgx$MI@YCU1$SrhpSkGkD+8vP@0Jq6fo^~I{xu#z6hocTc&AD zudUd{#jmHz)65~KT+2~O0&$eR>OEy%dt?B}Vv_7`UVCGj^sdPaiut%NiMLHCKS%0s zBzu+u=Haa$rdSHCbEnSTuFH!J3X(q|JWY>UNSrK!V1gctTgRC_pjGQwE>XxggJCld z`1AD+Q$h+pC|YWD#CJix6HR!4ksNXuqX+e47^T5+G+pqgz}B!~-9~RT!$g1~xcDaP z81kXmo%Bn+z38nu0HbhL)h5<=xEn`W>g1~&@F^EWb@uvApY2}Mw~e@WPI8(Kj(=}-Rn)mJt=0}*4h(U+X;A%M>h5_cD=4Ebu35W+8uox;l~?k7VAyVYpuLa=Y` zUU!IWct9f${wh#OMOu(~{66%xF&zA65EhgYh!DqsZ->W(p(hY}W&d8$HuA1X@Y9AnhkV%Yh(w*Mz<5b$Cz@Y|#{KQ9D1iGXR zQYGmsQ`Q07K1UR6yZHmy)@qK6y<0SWcCW&()_jG((?D@Y%xHR@5>9PpTv^j3?|uXD%+-Y_iEtowRq>@HSl+2jr)+|O~THj6A}2T1@dZlibQoN!&Ah}&0#~a zIUIVOI(lJ1sS@;NAjR*eW$BU3lhPiBQ$HSG^e3Y|yy~C{E;RItt1Nh;<_7V`dFxr3 zUgQ2D#aik^WfFo^J0C*Sx};w{h3HnDbG_qQS5)ECY)rN~vo>TPr$>xVYJ{1TLzVse z$(gv*E#cc6Zhg2r~kNwYzINSOBy5hj=*&moCXL7nkUcv zort2FL_18yqqG*V+F4W(wPjh>YuKr91n=sxtnJSIP&Pr@M$)%+7c zGT+xb2>OEkG~u(5-`x*fVHECeR)Xi(JJ zZyxN>sBZ2@6C?pjl+VYT(Il2e530Kq8ZLYa7tmE|&^OEEH%iFO&bj=I{0R|f%!m$` zfpprH2a+=Rt9-n zI(+r^!SA7gYHWe^yI=_Xixrmq%zL=C)gYRuIWS?Pxt+;Qq!%I{ODDh0bfTDca3RcY z5{dVIr_7nu z5%7GI6H-=*UPRdF$#!D~=Qaq(Izl+_G?}lMz88qvHxn2dDqAul^8M)b$$LR=mfz6Ipw9C%la*dEXWPuyL!f9ZkWVYC#BWl3Og&glIZ(PMB=J}isj z6&5xbJ+RU*0B4S)mqRhuX<6qlxwNRAR&|x}y#@Y6l3-u{!=3ZoRcysn0HH zU6`v87uU6Tugw%dd>CVXzFY+g51o-;A9p_!s=!LM4v55{K(JXpVoi8~T^4xpKHZ3L 
zr)>owLZ(5laEC!zN+NH+ws-{tzD9oDtk;fuw@{#fo5sbVm=}o88wNP#unzXd%oR8elN-3+|YWXu8lJ8Jb`L)b*Lm=^9NV#6~+? z?}bK6@vw3X!A!2?t#Ij5ILKhiz(U*X2IZP=93iM(5=^x zBtc8~#IzXF_e7kI!L8XsyWX)O8#r~>g8T9&h!duNbJy?zbVsybu@c~4_UQYJqtSNL zEm!#bR%dk&M7wxu-quoNH4EKpXUkuW&+@1`kIDG4pNuI^a1 z2;_1Cg^Np(MW+*>7>N=FgD>)YxjyJoQR?pLgpuB{zvZHnnbwo?JSl2s-@6%;Z!;m0 z&Q-|YAn4+0m1J*|Eq zEAv5t8nRy8m=4^#!StXmg?hP{a0p0Ht}i2ibO}bgy|7Z$-nmKvKcp@4K5WQdj)kwJ zkqYe!)~BK)dL>dQpQvBH70baWqutDrO)rY987x7ApKp_-=h#(cN@{Up*0}9H=#(Dn z{!iV46$gw0cA}i)Hm}QbBuX7FGUdz@TnP2Kz+aH$FW8+X3rvvla6y{OFD30@7JL+N z`)5+@)8KD-5m52A2+5nFOFr#S#B;CUOv27@^Kaax$*bA$WKi7@AMabK6HLXYLFlPZ zRQJ0YTtD8>K4DR>lg`dgv^~0>C0x_7JgZR!d_fwvZ)C(35KPG*rT?}vLe9aO&!ybs ziI(~q-o4KV;UB6AqbW%%;zV%DWCEyoE^*?%kzGHgP`%3=?IYCJ3LH_;+?Iu_N!}VR;9ln-9=* zKI{ta81QCH{LluEwsuKB#){VRcin>Yg%DhpmJboqiyU%1+=R;@3P}${^KG>F8nu14 zVpsl^+$b%WqcUK28E&I%-LXH_768uyZnKJQ&bHow_|aYanswIWOy0Xqz8<1WrC5hcx5(ElSwbDW4Kx>WE?^6DLhyexSG!>noOAY2{6 zzSP?MvErc6{59scH*U=fR)UX z$WuIh3&BxRIyqgMSUvvB8|+i;TSuq<29(*B4|xA={OA=;^#>{L{-!kKQHGsE_0+e^ z(hF6k+_8`gEpfhe`HPQ;TqR+WPrb%l1V`fhF#p1&t)oNtQZnwa;qYO1wOmv+H#ZD2 zQ-Pb?d@|G1jP#P-tFW;QkepV+uhG#`D1FTB0WV?T3~6~rjwyJiOY2?X`#G_QYXg)9 z&&k&su#Ml3<5{b~;M>a|a8#8r$X&OD8qT+jF~7hz%^fS;gzAh~0JB;I`1Ruck2n|B zysgi4X&T*Zvz>kzjY)B&B_306*?`|988Jt%M`SOrcfPfwt6Nl7MN7wMb zlW0zRwV}%I2>OXJm~1MEc#;4(kxUVyx~bC)Sp%gpdll}qics8nB4eX|+D~(9h>z83 z01EbKbGO+b*D}H{uPkXvZA&X{N0)}V*3wlT;WC=ZHKvu`&U>s%&nnl1j>RVPHEyZ~ z7s%01F>N^(J^im0wUrJg@fqxG0KUQ-b%(!&#`I=LEl}71d{pXo4J^!8RZ>G-hg%hk zoxI>sh|uJqyVBNf;DE+PWHFv3rj43!Ok34;ef!_Br1JNUdq7Bv1ZedqOa0N&RgPWT z^a3`pSf@?1XetV$*St_1;Ra1aztM;?Q@ALrXO>~}<|JixsY22z$Gj_QR*x9w`U{i_Q(fuXa+ked^{$WoeK@Xvf+3Ks*h zz)<}X^2p$@GA@L*54F%wCc{#>W)e##h*!TbG=156uiI+AbhUtAc4X^%7tM1$Z&=I? 
zY4H=9{=kt$pPo?q+1vo+HhZlBxClPX#f9w6S};4U*Ip^a+t`4P69!Be2#2HRz#6)H zy~&X)-1uk-{c9P8FG@Q-*2}rhand6%dohO!fqVrQhVY`~;aAjX#t1D_EdVkAhEEo6 z9+IZ+x z)z8j(a@=}xf2-P}bS=fb05{xa6?}iLo;k60RpN$f4;Ft8@6on_Q!-(0#V$`;yTFT} z7Wl({FdELZc5bB7UZi3wP9E&V5kvJtV!GS=Ud@qlz;aO50BC8J%VrIeud?*z#R_$z zePfh;m=3mOF#PSD8Xa1Ev)36-F%hP68kfU$z%O@P*Az}|mq2CTl^W~u@7NJ-Dmy#O zTbz(}1Ow)+FJ1(*7(v%)oKr4hqyG_-@z=|}k+S(xUQe$0nNb-Nh003ey{w?UU^SAa zd8TpqChnUzt2GSl%I^dzh!$e&IkG|&DmnLdNF~*ud$@|%jSXVFx2lJ8Xiwhu)7RV0 zr|GAl>l%Oj(kZX(=>An$)cnU(DM6#~dDjOmWHY%2^vr?)v}H0d^FZtxvwQ2|*Ym$| zuiuJx(F33FX9ot@zlO!Y&?a-=#{Dr25kyHxB8I+qL%c6o#B*noo0vPMp6wlIg}6ht?G7oVCvtI7b@t%^ziV}f zeKfo6Ll0Cus8Rci$vd3t}D8ZV)1!07K5s4QxrG9b;HD#K5o(U^fqN1{tj zXoE!4)O?5i>h6Zu2njhp$%+@zET5xe+?LY(7Oi%^5SOzso$X2w5@W>Ni4$)ZbGmcU$M=CLr?sjXnV7`=zg z)S?+*WKM|bVV{=?x!VHBG3@~t)^7cLtmOJD422wBB6(8H$oeLnJ%#aOs=6X=oW?1* z&eq#lk8%ntWqzlgn`?XsZLcC!7&sZ0N;tG&v1wS-T#Y!eFq_8)Od|Kl7T?IE_ipS& z>+o#D-s<+AwwxiPLNG?)m%aE|E_YGtIKiZ25~&z-z2`kDA7@;#mE{$FjN+_Ul=?dtR{fM(7y2yc0{2Ke)~xCd{Obq6qwAN2vJ8f*i()iJ zJZ+-Jfz`bcUG$uVlhif$s z%$a}9N8ckz$0IAU8As)jR>~sdcX?;)jfqMjKrQ& z`z)74@*@y<(B&Y!F-AT^t^{3gj^g6FzevMzwk;plSU^vPK7%ewK??IfOv)W6y`8$Q) z@~%y#|Dv5-c2l9Vi*b7F2 zdCnpDi37b|RtEkoO_whJF>5nq%De3&&bLW?-lkvR9PIZW{qe`^>&Kn~E7JNn z9BGmKB14t%4ijnCc7A8M@4l&k^X=9S~xn!)9r4P<&%<M^SE;VOmJ2{Xux%>{3hj}S#rFi>hC++ zW}AcSQ*V28TBo0P{GgV?gF5`%%ArfcM8n_p# zYGL0fri11ejJbg#a`V}6BbmQYaaR_C)FBBEprG@gsbW2r`>4P#ms>=EGsu<{d6dTA zAEFMYF#-tpUsJ#)OK5!x&7T;E>eQe0e08Mv{I~7e5NUODFbQlqBO-J>#VyY3#Nuf7n@ks zVYdpqQxW@8yD+la1G5?R@3YYA6TH}S`Z*a!2cELh4)AW$TF$ChH`1Wy3eSsie8f;y zS7Bdjwem9lDYJpW60>a*`Fx#Khv6{^g>D6B4#?DPuc|uUO6ik+a#3mEWmN{?)EV)q z3JWz7Z%;St${pqP-!O_eOwxAarvilxi#~>cAfNZLf(}@>g*UH0$J427^k=+EYT_wp zUd&{1s}^HL*g>aoV}qvm+ab%@X9hR>og!^i0re$E%+n1K1+s59cB# zb1-zU=G{Dbm0yPQ)}-VSd2=}jiOuV;(WjRA$wa&;_P-@f)h84VeH5L)aX#~*j|isxmQLVS{r@b(YizGQX5_AQRwI*X;j^zorX>fS!rfx zM`_e1uUAxWk%7;dWTe{lW05FEuYaFzpaa$hdxVy}7Vb}9G~BT~2eGdEqg$H)&RVJy z8G+BG(Qpr}4pL?#Zda+aw76EG-}SSdFQm;5nO#kTfnAck-n3RkI*@GFZSfPZuf78A 
z7Fkn!b9gs1n1yAS-=&p-f#KJ9Bt}4sBXF?k5bIgbpxR$_?iZ#+2U(`#*Is!?ZJL2= z_SNF93L0-#!dcOmdvp^ZWMrh6#Z+oWlxlUT>FJ%I(48F5EH*E$v_N*{GN_-vD0CYv z%QV0ve zLD2l)awykT^s;KMhY|Bb(}gJMA>){4E}1kexTtp~;0*-gQhlj#(MV6_>QMoz5^!yB zNwOgO|C3O1_1dTMgQ($I6h{?ojV&OG1sm4sNd`qOmMYNu33;+9I?(4%d2m-+fpGI+ z8p2NMKK#v~S(f5&(9fqljusCt6A!&!JDD=gaw%~<@yFde@4(mYT$c8_+;ggtw~`Dz zwqL&$p5`@aKw6`au=^lX*Bq3GmvY1Cq_X!YDxSH%cH#Sd(=SA&p)57oRh=ey0VF+6 zgBs}qc)UQI@ym2!k=9imd*(PvI|Qf}_mUgI&-qA@H5$l#c%%HEhVMfWtOWr~4h4tY z8~*^((WEfKs8}pnf!1{Gxksuw@`x7ElqdCPp7ChUYBnFBFe;7O6D|m1No}*I29Q%@%Jl>~!DmZ~&*bO3 z#GJY}kDd!gN^Bl`et&rDI)IOtRO4?TFQQVHcFepFme~+3UK!w|O&{tI&C*HO!+Kj< z4arDFA{wL=5^c@4_`DAucMGI(>QT=~PvPMnIVy&oRmz;&Gbg8TkEEnD{31&sV(iK# z7I=h$95{7(o*tli)f^_= yJny#szHYnU{h{MqlXpb2jMfgjJ$&G^v|cKIC85Cw$)GS)TTZ#KO;dZ%G|WNpHwE|r